Skip to main content

Prerequisites

To configure SAML SSO, you need an active CoreWeave account and admin permissions.

Configure SAML SSO for your organization

This section explains how to set up SAML single sign-on (SSO) for your organization so members can authenticate through your identity provider (IdP) instead of CoreWeave credentials. You can configure SAML SSO policies for CoreWeave Kubernetes Service (CKS) manually or with a metadata URL. Choose the method that matches what your IdP exposes.
SAML responses and assertions must both be signed by your IdP.

Configure SSO manually

Use the manual configuration when your IdP doesn’t publish a metadata URL or when you prefer to enter each value yourself. Before you configure the SSO policy manually, gather the following information from your identity provider (IdP):
  • The IdP’s SSO URL.
  • The IdP’s unique Entity ID.
  • An X.509 security certificate provided by your IdP.
To configure SSO manually:
  1. In Cloud Console, go to SAML SSO configuration and click the Configure SAML button.
  2. Select the Manual Configuration tab: Manual Configuration tab in the SAML SSO setup dialog.
  3. Enter the SSO URL, the Entity ID, and the provided X.509 security certificate.
  4. Click the Next button.
  5. Confirm the information in the dialog boxes is correct.
  6. Click the Deploy SSO button to activate the policy.
The SSO policy is now active for your organization. To complete the integration, add specific attributes to the IdP so CoreWeave can identify each user. For more information, see the Add attributes to the IdP section.

Add attributes to the IdP

CoreWeave uses these attributes to identify each user who signs in through SSO. After you deploy the SSO policy, add the following attributes to your IdP:
KeyDescription
emailUser’s email (unique identifier)
first_nameUser’s first name
last_nameUser’s last name

Manage the SSO policy

After the initial setup, you can return to the SAML SSO configuration page to review or change the policy. The configuration dialog displays the policy’s information and lets you manage it with the following buttons: Disable SAML, Enable SAML, and Edit.

Access the SSO login page

After you configure SSO for your organization, direct users to sign in with your organization’s dedicated SSO login URL. The SSO login URL follows a standard format that includes your organization’s unique ID directly before the final /login path segment. To access the SSO login URL:
  1. In Cloud Console, go to Account Settings and find your CoreWeave Org ID.
  2. Replace [ORG-ID] in the following example with your Org ID. 
    # Replace `[ORG-ID]` with your Org ID.
https://console.coreweave.com/accounts/saml/[ORG-ID]/login
    Example If your Org ID is abc123, your SSO login URL is: 
    https://console.coreweave.com/accounts/saml/abc123/login
  3. Share this URL with your team so they can sign in with your SSO configuration.
Users who visit this URL are redirected to your IdP to authenticate, then returned to Cloud Console.
Last modified on June 10, 2026